Malware Analysis Report

2024-09-09 17:25

Sample ID 231029-wpswtsgg41
Target https://ewasmash.com
Tags
evasion
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

Threat Level: Likely benign

The file https://ewasmash.com was found to be: Likely benign.

Malicious Activity Summary

evasion

Removes a system notification.

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2023-10-29 18:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-29 18:06

Reported

2023-10-29 18:07

Platform

android-x64-20231023.1-en

Max time kernel

2090764s

Max time network

71s

Command Line

com.android.chrome

Signatures

Removes a system notification.

evasion
Description             Indicator                                                    Process  Target
Framework service call  android.app.INotificationManager.cancelNotificationWithTag   N/A      N/A

Processes

com.android.chrome

Network

Country  Destination           Domain                       Proto
N/A      224.0.0.251:5353                                   udp
US       1.1.1.1:53            accounts.google.com          udp
NL       142.250.179.205:443   accounts.google.com          tcp
US       1.1.1.1:53            accounts.google.com          udp
NL       142.250.179.141:443   accounts.google.com          tcp
US       1.1.1.1:53            ewasmash.com                 udp
US       1.1.1.1:53            safebrowsing.googleapis.com  udp
US       1.1.1.1:53            ewasmash.com                 udp
US       1.1.1.1:53            ssl.google-analytics.com     udp
US       1.1.1.1:53            ewasmash.com                 udp
US       1.1.1.1:53            update.googleapis.com        udp
US       1.1.1.1:53            djkuroar                     udp
US       1.1.1.1:53            oqhqonsxrvl                  udp
US       1.1.1.1:53            ihfeymeomxy                  udp
US       1.1.1.1:53            ssl.google-analytics.com     udp
NL       172.217.168.232:443   ssl.google-analytics.com     tcp
US       1.1.1.1:53            ewasmash.com                 udp
US       216.239.32.21:443     ewasmash.com                 tcp
US       216.239.32.21:443     ewasmash.com                 tcp
US       1.1.1.1:53            www.ewasmash.com             udp
NL       142.250.179.147:443   www.ewasmash.com             tcp
US       1.1.1.1:53            apis.google.com              udp
US       1.1.1.1:53            lh5.googleusercontent.com    udp
US       1.1.1.1:53            lh3.googleusercontent.com    udp
NL       142.251.39.97:443     lh5.googleusercontent.com    tcp
US       1.1.1.1:53            apis.google.com              udp
US       1.1.1.1:53            lh3.googleusercontent.com    udp
US       1.1.1.1:53            update.googleapis.com        udp
US       1.1.1.1:53            ihfeymeomxy                  udp
US       1.1.1.1:53            apis.google.com              udp
US       1.1.1.1:53            lh3.googleusercontent.com    udp
US       1.1.1.1:53            apis.google.com              udp
NL       142.251.36.14:443     apis.google.com              tcp
US       1.1.1.1:53            lh3.googleusercontent.com    udp
US       1.1.1.1:53            lh6.googleusercontent.com    udp
NL       142.251.36.33:443     lh6.googleusercontent.com    tcp
US       1.1.1.1:53            lh4.googleusercontent.com    udp
US       1.1.1.1:53            clients1.google.com          udp
DE       172.217.23.206:443    clients1.google.com          tcp
US       1.1.1.1:53            play.google.com              udp
US       1.1.1.1:53            lh4.googleusercontent.com    udp
US       1.1.1.1:53            lh4.googleusercontent.com    udp
US       1.1.1.1:53            calendar.google.com          udp
NL       142.251.36.46:443     calendar.google.com          tcp
US       1.1.1.1:53            clients6.google.com          udp
NL       142.251.36.14:443     clients6.google.com          tcp
US       1.1.1.1:53            lh3.googleusercontent.com    udp
US       1.1.1.1:53            lh3.googleusercontent.com    udp
US       1.1.1.1:53            ssl.gstatic.com              udp
US       1.1.1.1:53            lh4.googleusercontent.com    udp
US       1.1.1.1:53            docs.google.com              udp
DE       172.217.23.206:443    play.google.com              tcp
US       1.1.1.1:53            lh3.googleusercontent.com    udp
US       1.1.1.1:53            lh3.googleusercontent.com    udp

Files

files/dom-0.html

files/dom-1.html